CVE-2025-31241

A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7.7 (excluding)
Ipados	Apple	18.0 (including)	18.5 (excluding)
Iphone_os	Apple	*	18.5 (excluding)
Macos	Apple	*	13.7.6 (excluding)
Macos	Apple	14.0 (including)	14.7.6 (excluding)
Macos	Apple	15.0 (including)	15.5 (excluding)
Tvos	Apple	*	18.5 (excluding)
Visionos	Apple	*	2.5 (excluding)
Watchos	Apple	*	11.5 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/122404
https://support.apple.com/en-us/122405
https://support.apple.com/en-us/122716
https://support.apple.com/en-us/122717
https://support.apple.com/en-us/122718
https://support.apple.com/en-us/122720
https://support.apple.com/en-us/122721
https://support.apple.com/en-us/122722

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-31241
CWE	https://cwe.mitre.org/data/definitions/415.html

Double Free

Weakness

Affected Software

Potential Mitigations

References